Junior Cybersecurity Analyst
About the Role
Location: Portugal, Lisboa, Amadora
Remote vs. Office: Hybrid (Remote/Office)
Company: Siemens Energy Unipessoal Lda.
Organization: Siemens Energy
Business Unit: n/a
Full / Part time: Full-time
Experience Level: Early Professional
A snapshot of your day:
In this role, you'll spend your day blending technical creativity with collaborative problem-solving, refining scenarios to reflect current threat trends. Much of your work involves researching attacker tactics and translating them into realistic injects and artifacts—such as mock phishing emails, SIEM alerts, or log snippets—that make tabletop exercises engaging and educational.
You'll prepare and maintain drill materials, including facilitator guides, participant briefings, and reporting templates, ensuring everything is ready for smooth delivery. Collaboration is key: you'll interact with process and factory security officers to tailor scenarios to real-world constraints and compliance requirements. During drills, you'll support facilitators by introducing injects, monitoring discussions, and capturing observations for improvement tracking.
After exercises, you'll summarize findings into clear reports, update the cyberdrill backlog, and log follow-up actions. Along the way, you'll use scripting skills to automate small tasks, keep threat intelligence fresh, and contribute to dashboards that measure resilience progress. Every day offers a mix of technical work, stakeholder engagement, and creative thinking—helping the organization stay prepared for evolving cyber threats.
How You'll Make an Impact
Support in planning portfolio and CyberDrills execution:
1. Support to plan, organize, and conduct regular cyberdrills to simulate security incidents, assess incident response readiness, and identify areas for improvement.
2. Collaborate with multi-functional teams to design realistic scenarios that mimic real-world threats. Track sector-relevant TTPs (energy/OT) and convert them into believable triggers, timelines, and decision points for tabletop delivery.
3. Evaluate the effectiveness of our incident detection, containment, and recovery processes during these drills.
Documentation and Cyberdrill Product Improvement:
1. Maintain and continuously improve cyberdrill documentation, including facilitator guides, participant briefings, and reporting templates.
2. Contribute to the enhancement of scenario libraries by creating new injects, artifacts, and timelines based on emerging threats and lessons learned.
3. Standardize templates for playbooks, reports, and dashboards to ensure consistency and scalability across global drills.
4. Support version control and SharePoint organization for all cyberdrill materials.
Leadership and Communication:
1. Support in providing clear and concise reports on drill outcomes, including recommendations for process enhancements.
2. Collaborate with management and other teams to ensure alignment with organizational security goals.
What You Bring
1. Bachelor's degree in Computer Science, Information Security, or related field (or to be concluded).
2. Excellent verbal and written communication skills in English.
3. Clear written and verbal communication; comfortable facilitating multidisciplinary discussions and documenting outcomes.
4. Must be proactive, possess excellent attention to detail, and have effective communication, organization, problem-solving, and prioritization skills.
5. Follow local compliance regulations.
6. 1–2 years in cybersecurity (SOC/blue team, incident response, compliance/ISMS support, or cyber range/tabletop content work).
7. Working knowledge of networking, Windows/Linux, identity & access, IR lifecycle, and basic log/event handling.
8. Familiarity with NIST CSF / ISO 27001; awareness of energy sector considerations (NERC CIP, EU NIS2, GDPR) is a plus for scenario constraints and stakeholders.
Nice to have
1. Scripting (Python or PowerShell) for small utilities: generating mock artifacts, parsing logs, or automating template preparation.
2. Basic knowledge of LLMs.
3. Basic knowledge of the most common pentest vulnerabilities.
4. Exposure to ICS/OT environments (SCADA, PLCs) and typical OT risk scenarios.
5. Experience assembling content for tabletop exercises or platforms like ImmersiveLabs.
6. Basic SIEM skills to craft plausible injects (alerts, emails, tickets).
CONTRACT WILL BE THROUGH A THIRD-PARTY COMPANY